VulnerableCode Package Details - pkg:maven/org.springframework/spring-core@5.2.22.RELEASE

Search for packages

Vulnerability	Summary	Fixed by
VCID-m6tq-7gmn-2kdy Aliases: CVE-2023-20863 GHSA-wxqc-pxw9-g2p8	In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.	5.2.24.RELEASE Affected by 0 other vulnerabilities. 5.3.27 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 6.0.8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-r8q8-2grb-7ug8 Aliases: CVE-2023-20861 GHSA-564r-hj7v-mcr5	In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.	5.2.23.RELEASE Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.3.26 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.0.7 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-m6tq-7gmn-2kdy
Aliases:
CVE-2023-20863
GHSA-wxqc-pxw9-g2p8

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

5.2.24.RELEASE
Affected by 0 other vulnerabilities.

5.3.27
Affected by 1 other vulnerability.

6.0.8
Affected by 1 other vulnerability.

VCID-r8q8-2grb-7ug8
Aliases:
CVE-2023-20861
GHSA-564r-hj7v-mcr5

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

5.2.23.RELEASE
Affected by 1 other vulnerability.

5.3.26
Affected by 2 other vulnerabilities.

6.0.7
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-8cpe-j15y-jbdk	In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.	CVE-2022-22971 GHSA-rqph-vqwm-22vc
VCID-e3yh-y2av-wff3	In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.	CVE-2022-22970 GHSA-hh26-6xwr-ggv7

Vulnerability

Summary

Aliases

VCID-8cpe-j15y-jbdk

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

CVE-2022-22971
GHSA-rqph-vqwm-22vc

VCID-e3yh-y2av-wff3

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

CVE-2022-22970
GHSA-hh26-6xwr-ggv7

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T18:52:07.838686+00:00	GitLab Importer	Affected by	VCID-m6tq-7gmn-2kdy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2023-20863.yml	38.6.0
2026-06-12T18:49:35.817328+00:00	GitLab Importer	Affected by	VCID-r8q8-2grb-7ug8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2023-20861.yml	38.6.0
2026-06-12T15:44:24.674616+00:00	GitLab Importer	Fixing	VCID-8cpe-j15y-jbdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2022-22971.yml	38.6.0
2026-06-12T15:44:16.840546+00:00	GitLab Importer	Fixing	VCID-e3yh-y2av-wff3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2022-22970.yml	38.6.0